VirtualWebinar

From SBOM to Submission: Operationalizing CRA Vulnerability Handling

Name: From SBOM to Submission: Operationalizing CRA Vulnerability Handling
Start: 2026-07-16T16:00:00.000Z
End: 2026-07-16T16:45:00.000Z

The September 11, 2026 CRA deadline is approaching. Join Finite State and ISMG to learn the practical steps manufacturers should take now to build a risk-based vulnerability handling process, prioritize real exposure, and maintain the evidence needed to support ongoing CRA compliance.

Date & time

Thursday, July 16, 202612:00 PM EDT

Format

Virtual

Type

Webinar

The September 11 CRA Deadline Is Approaching. Are You Ready?

The EU Cyber Resilience Act (CRA) reporting requirements take effect on September 11, 2026. Join Finite State and ISMG to learn the practical steps manufacturers should take now to build a documented, risk-based vulnerability handling process that supports ongoing compliance.

In this webinar, you'll learn how to prioritize real exposure using binary-derived SBOMs, exploit intelligence, reachability analysis, and VEX, while creating the evidence needed to support Annex VII documentation and Article 14 reporting obligations.

What You'll Learn

What CRA expects from vulnerability handling programs
How to prioritize vulnerabilities using reachability, EPSS, and CISA KEV
Best practices for maintaining SBOM and VEX documentation
How to build audit-ready evidence for ongoing compliance

Who Should Attend

Product Security Leaders
PSIRT Teams
Security Architects
Compliance & Regulatory Professionals
Engineering Leaders responsible for connected products

Reserve Your Spot

Choose the session that works best for your region:

Americas Registration Link
12:00 PM EDT

EMEA Registration Link
12:00 PM BST

APAC Registration Link
12:00 PM SGT

Register now to learn how to prepare for the September 11 CRA deadline.

Speakers

Larry Pesce

VP of Services

Finite State

Larry Pesce is a lifelong hacker, educator, and leader in embedded and connected device security. As the Vice President of Services, Larry drives strategic security initiatives across the software supply chain, helping product teams build resilient devices from the ground up. With over 15 years of hands-on penetration testing experience spanning IoT, healthcare, ICS/OT, and wireless technologies, he combines deep technical knowledge with real-world expertise. Larry is also a renowned SANS instructor and co-host of the long-running Paul’s Security Weekly podcast, shaping the next generation of security professionals.

Joshua Marpet

Sr. Product Security Consultant

Finite State

Joshua Marpet is a Senior Product Security Consultant at Finite State, co-host of Paul's Security Weekly and Security Weekly News, and a CMMC co-author. He holds membership on the IEEE/UL 2933 and SPDX standards committees and serves on the boards of BSidesDE, Skytalks, and the Value Chain Risk Institute. A former police officer, firefighter, and Federal Reserve Bank of Philadelphia security analyst, he works at the intersection of security standards, policy, and operational practice.